Sophos' recent threat report showed that while the Macintosh platform is now becoming the target of the same sort of organised crime that affects Windows users, these attacks are still very limited in scope and in impact.

However, no portable computer users can afford to be complacent. The success of many data theft attacks depends more on the target system's user and the way in  which they work with their computer, than on which operating system they have chosen to install.

Laptops are more susceptible to physical attack than desktop systems by their nature. Being portable they're often taken out of the office and used to work from home, on the train or even in the local Starbucks. When you take your machine out you also take the data it contains with you - away from the safety of the corporate environment with its security controls and into new environments with new risks and threats. Home users, too, must realise that when taking their notebook out of the front door, more of their identity is on display than simply their preferred brand.

Does it need to come with you?

The first step in securing your remote computing lifestyle is considering whether you need to take everything out. All of the attacks discussed here involve getting data from the computer - the easiest way to stop that from happening is to ensure that the data isn't there in the first place. In some environments, the attacker doesn't even need a computer.

I've sat in numerous cafes and on trains where I could see the online banking pages of other people, and could (were I so inclined) read their account numbers, balances and the payments they were making. Simply put, I could see all of the information that an identity thief works to collate. While government departments such as the UK's HMRC may lose information about millions of people, most of the data on your laptop concerns one important person - you. Deciding whether all of this information really needs to come with you is the first, and most important, step to take on the road to safer computing.

In some cases this might not be so easy. John Gruber, authour of blog Daring Fireball2, says: "My primary computer is a Mac PowerBook that I use both at home and on the road. The only difference in how I use it on the road is that at home, I'm always connected to the internet, but on the road, network access depends on the availability of Wi-Fi. Otherwise, no difference."

In such a situation, leaving everything at home (perhaps on an external drive) loses the convenience of continuing your work when you're out. But I'd say this is a compromise well worth making.

Change your keychain password

I asked John Gruber what changes he'd made to his Mac OS X configuration with respect to security. His answer: "The only significant change I've made is that I use a different password for my Keychain than for my user account. "That's a change I also make on all of my systems.

On the Mac, the Keychain allows you to keep internet passwords, notes and SSL certificates in an encrypted store, and synchronise them between different machines. So far, so good - of course there's only a single password to unlock all of this information, but it means that you can choose one really good password that you can remember, then use different passwords for all of the websites, mail accounts and so on that you use, which you don't need to keep in your head (or on a Post- It note) because you can always get them out of the Keychain. The problem with the default Keychain configuration is that this password is synchronized with your login
password; whenever you are logged in, the items in your Keychain are unlocked and available to any application that asks for them.

It's simple to fix this. First open the Keychain Access application in /Applications/Utilities. In the Edit menu, choose "Change password for Keychain `login'..." and set a new password.

Now when an application needs a password out of the Keychain, it has to prompt you for that password; a slight reduction in convenience but with a huge payoff in being able to control when your stored passwords are used.

You can also control when the Keychain is automatically locked (so that you get re-prompted for the password) through the Keychain's settings, accessed from the "Change Settings for Keychain `login'..." menu item.

Of course there are many password managers for Windows PC's too. Some have featured on Melb PC Monthly Disks and others are commercially available. We'll continue this article in the next PC Update.

About the Author
Graham Lee is a senior software engineer at Sophos, where he's the technical lead for the Macintosh team. He has spoken at numerous Mac and UNIX user groups. Before joining Sophos in 2007 he studied Physics at Oxford University, and subsequently taught computing to the department's undergraduates while maintaining their 1100-user Mac network. Graham has been described as an "Oxford University UNIX expert" by MacWorld UK magazine.

Reprinted from the August 2008 issue of PC Update, the magazine of Melbourne PC User Group, Australia

[ About Melbourne PC User Group ]